Vulnerability Details : CVE-2017-1000377
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2017-1000377
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-1000377
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
nvd@nist.gov |
|
5.9
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
2.5
|
3.4
|
nvd@nist.gov |
CWE ids for CVE-2017-1000377
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000377
-
https://access.redhat.com/security/cve/CVE-2017-1000377
Red Hat Customer PortalBroken Link
-
http://www.securityfocus.com/bid/99129
PAX Linux CVE-2017-1000377 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Third Party Advisory
Products affected by CVE-2017-1000377
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*